Fix zitadel config

Flake lock file updates:

• Updated input 'secrets':
    'git+ssh://git@git.vimium.com/jordan/nix-secrets.git?ref=refs/heads/master&rev=0cf25cbc71fcfe7c16250847e5f31abd730e04c4' (2024-08-11)
  → 'git+ssh://git@git.vimium.com/jordan/nix-secrets.git?ref=refs/heads/master&rev=b47efe67031e12a2d5560b94fdb4de7dca3df80c' (2024-08-11)

LICENSE

@@ -1,4 +1,4 @@
-Copyright (C) 2025 by Jordan Holt <jordan@vimium.com>
+Copyright (C) 2023 by Jordan Holt <jordan@vimium.com>
 
 Permission to use, copy, modify, and/or distribute this software for any
 purpose with or without fee is hereby granted.

README.md

@@ -6,8 +6,8 @@ System and user configuration for NixOS-based systems.
 |-|-|
 | **Shell:** | zsh |
 | **DE:** | GNOME |
-| **Theme:** | Adwaita |
+| **Theme:** | adwaita |
-| **Terminal:** | Ptyxis |
+| **Terminal:** | Console |
 
 ## Provisioning a new host
 > [nixos-anywhere](https://github.com/nix-community/nixos-anywhere) is the module used

flake.lock

@@ -66,11 +66,11 @@
         "utils": "utils"
       },
       "locked": {
-        "lastModified": 1727447169,
+        "lastModified": 1718194053,
-        "narHash": "sha256-3KyjMPUKHkiWhwR91J1YchF6zb6gvckCAY1jOE+ne0U=",
+        "narHash": "sha256-FaGrf7qwZ99ehPJCAwgvNY5sLCqQ3GDiE/6uLhxxwSY=",
         "owner": "serokell",
         "repo": "deploy-rs",
-        "rev": "aa07eb05537d4cd025e2310397a6adcedfe72c76",
+        "rev": "3867348fa92bc892eba5d9ddb2d7a97b9e127a8a",
         "type": "github"
       },
       "original": {
@@ -87,11 +87,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1728330715,
+        "lastModified": 1722113426,
-        "narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=",
+        "narHash": "sha256-Yo/3loq572A8Su6aY5GP56knpuKYRvM2a1meP9oJZCw=",
         "owner": "numtide",
         "repo": "devshell",
-        "rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef",
+        "rev": "67cce7359e4cd3c45296fb4aaf6a19e2a9c757ae",
         "type": "github"
       },
       "original": {
@@ -107,11 +107,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1735468753,
+        "lastModified": 1723080788,
-        "narHash": "sha256-2dt1nOe9zf9pDkf5Kn7FUFyPRo581s0n90jxYXJ94l0=",
+        "narHash": "sha256-C5LbM5VMdcolt9zHeLQ0bYMRjUL+N+AL5pK7/tVTdes=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "84a5b93637cc16cbfcc61b6e1684d626df61eb21",
+        "rev": "ffc1f95f6c28e1c6d1e587b51a2147027a3e45ed",
         "type": "github"
       },
       "original": {
@@ -123,11 +123,11 @@
     "firefox-gnome-theme": {
       "flake": false,
       "locked": {
-        "lastModified": 1735511798,
+        "lastModified": 1723137499,
-        "narHash": "sha256-U9WjPisByrvw8Kt6Ufg9kLrvg7uHPsFSyG93GR3I1iE=",
+        "narHash": "sha256-MOE9NeU2i6Ws1GhGmppMnjOHkNLl2MQMJmGhaMzdoJM=",
         "owner": "rafaelmardojai",
         "repo": "firefox-gnome-theme",
-        "rev": "097c98cb4a7568f6f83a43e37950c08b575dd126",
+        "rev": "fb5b578a4f49ae8705e5fea0419242ed1b8dba70",
         "type": "github"
       },
       "original": {
@@ -182,6 +182,22 @@
         "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
       }
     },
+    "flake-compat_4": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1696426674,
+        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
     "flake-parts": {
       "inputs": {
         "nixpkgs-lib": [
@@ -190,11 +206,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1733312601,
+        "lastModified": 1722555600,
-        "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
+        "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
+        "rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
         "type": "github"
       },
       "original": {
@@ -203,30 +219,9 @@
         "type": "github"
       }
     },
-    "flake-utils": {
-      "inputs": {
-        "systems": "systems_3"
-      },
-      "locked": {
-        "lastModified": 1731533236,
-        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "type": "github"
-      }
-    },
     "git-hooks": {
       "inputs": {
-        "flake-compat": [
+        "flake-compat": "flake-compat_4",
-          "nixvim",
-          "flake-compat"
-        ],
         "gitignore": "gitignore",
         "nixpkgs": [
           "nixvim",
@@ -238,11 +233,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1734797603,
+        "lastModified": 1722857853,
-        "narHash": "sha256-ulZN7ps8nBV31SE+dwkDvKIzvN6hroRY8sYOT0w+E28=",
+        "narHash": "sha256-3Zx53oz/MSIyevuWO/SumxABkrIvojnB7g9cimxkhiE=",
         "owner": "cachix",
         "repo": "git-hooks.nix",
-        "rev": "f0f0dc4920a903c3e08f5bdb9246bb572fcae498",
+        "rev": "06939f6b7ec4d4f465bf3132a05367cccbbf64da",
         "type": "github"
       },
       "original": {
@@ -318,16 +313,16 @@
         ]
       },
       "locked": {
-        "lastModified": 1735344290,
+        "lastModified": 1720042825,
-        "narHash": "sha256-oJDtWPH1oJT34RJK1FSWjwX4qcGOBRkcNQPD0EbSfNM=",
+        "narHash": "sha256-A0vrUB6x82/jvf17qPCpxaM+ulJnD8YZwH9Ci0BsAzE=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "613691f285dad87694c2ba1c9e6298d04736292d",
+        "rev": "e1391fb22e18a36f57e6999c7a9f966dc80ac073",
         "type": "github"
       },
       "original": {
         "owner": "nix-community",
-        "ref": "release-24.11",
+        "ref": "release-24.05",
         "repo": "home-manager",
         "type": "github"
       }
@@ -340,48 +335,20 @@
         ]
       },
       "locked": {
-        "lastModified": 1735344290,
+        "lastModified": 1720042825,
-        "narHash": "sha256-oJDtWPH1oJT34RJK1FSWjwX4qcGOBRkcNQPD0EbSfNM=",
+        "narHash": "sha256-A0vrUB6x82/jvf17qPCpxaM+ulJnD8YZwH9Ci0BsAzE=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "613691f285dad87694c2ba1c9e6298d04736292d",
+        "rev": "e1391fb22e18a36f57e6999c7a9f966dc80ac073",
         "type": "github"
       },
       "original": {
         "owner": "nix-community",
-        "ref": "release-24.11",
+        "ref": "release-24.05",
         "repo": "home-manager",
         "type": "github"
       }
     },
-    "ixx": {
-      "inputs": {
-        "flake-utils": [
-          "nixvim",
-          "nuschtosSearch",
-          "flake-utils"
-        ],
-        "nixpkgs": [
-          "nixvim",
-          "nuschtosSearch",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1729958008,
-        "narHash": "sha256-EiOq8jF4Z/zQe0QYVc3+qSKxRK//CFHMB84aYrYGwEs=",
-        "owner": "NuschtOS",
-        "repo": "ixx",
-        "rev": "9fd01aad037f345350eab2cd45e1946cc66da4eb",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NuschtOS",
-        "ref": "v0.0.6",
-        "repo": "ixx",
-        "type": "github"
-      }
-    },
     "kvlibadwaita": {
       "flake": false,
       "locked": {
@@ -406,11 +373,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1735218083,
+        "lastModified": 1722924007,
-        "narHash": "sha256-MoUAbmXz9TEr7zlKDRO56DBJHe30+7B5X7nhXm+Vpc8=",
+        "narHash": "sha256-+CQDamNwqO33REJLft8c26NbUi2Td083hq6SvAm2xkU=",
         "owner": "lnl7",
         "repo": "nix-darwin",
-        "rev": "bc03f7818771a75716966ce8c23110b715eff2aa",
+        "rev": "91010a5613ffd7ee23ee9263213157a1c422b705",
         "type": "github"
       },
       "original": {
@@ -421,11 +388,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1735388221,
+        "lastModified": 1723310128,
-        "narHash": "sha256-e5IOgjQf0SZcFCEV/gMGrsI0gCJyqOKShBQU0iiM3Kg=",
+        "narHash": "sha256-IiH8jG6PpR4h9TxSGMYh+2/gQiJW9MwehFvheSb5rPc=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "7c674c6734f61157e321db595dbfcd8523e04e19",
+        "rev": "c54cf53e022b0b3c1d3b8207aa0f9b194c24f0cf",
         "type": "github"
       },
       "original": {
@@ -441,18 +408,20 @@
         "nixpkgs": [
           "nixpkgs"
         ],
-        "nixpkgs-24_11": "nixpkgs-24_11"
+        "nixpkgs-24_05": "nixpkgs-24_05",
+        "utils": "utils_2"
       },
       "locked": {
-        "lastModified": 1735230346,
+        "lastModified": 1718084203,
-        "narHash": "sha256-zgR8NTiNDPVNrfaiOlB9yHSmCqFDo7Ks2IavaJ2dZo4=",
+        "narHash": "sha256-Cx1xoVfSMv1XDLgKg08CUd1EoTYWB45VmB9XIQzhmzI=",
         "owner": "simple-nixos-mailserver",
         "repo": "nixos-mailserver",
-        "rev": "dc0569066e79ae96184541da6fa28f35a33fbf7b",
+        "rev": "29916981e7b3b5782dc5085ad18490113f8ff63b",
         "type": "gitlab"
       },
       "original": {
         "owner": "simple-nixos-mailserver",
+        "ref": "nixos-24.05",
         "repo": "nixos-mailserver",
         "type": "gitlab"
       }
@@ -473,28 +442,28 @@
         "type": "github"
       }
     },
-    "nixpkgs-24_11": {
+    "nixpkgs-24_05": {
       "locked": {
-        "lastModified": 1734083684,
+        "lastModified": 1717144377,
-        "narHash": "sha256-5fNndbndxSx5d+C/D0p/VF32xDiJCJzyOqorOYW4JEo=",
+        "narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "314e12ba369ccdb9b352a4db26ff419f7c49fa84",
+        "rev": "805a384895c696f802a9bf5bf4720f37385df547",
         "type": "github"
       },
       "original": {
         "id": "nixpkgs",
-        "ref": "nixos-24.11",
+        "ref": "nixos-24.05",
         "type": "indirect"
       }
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1735471104,
+        "lastModified": 1723175592,
-        "narHash": "sha256-0q9NGQySwDQc7RhAV2ukfnu7Gxa5/ybJ2ANT8DQrQrs=",
+        "narHash": "sha256-M0xJ3FbDUc4fRZ84dPGx5VvgFsOzds77KiBMW/mMTnI=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "88195a94f390381c6afcdaa933c2f6ff93959cb4",
+        "rev": "5e0ca22929f3342b19569b21b2f3462f053e497b",
         "type": "github"
       },
       "original": {
@@ -521,16 +490,16 @@
     },
     "nixpkgs_3": {
       "locked": {
-        "lastModified": 1735669367,
+        "lastModified": 1723282977,
-        "narHash": "sha256-tfYRbFhMOnYaM4ippqqid3BaLOXoFNdImrfBfCp4zn0=",
+        "narHash": "sha256-oTK91aOlA/4IsjNAZGMEBz7Sq1zBS0Ltu4/nIQdYDOg=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "edf04b75c13c2ac0e54df5ec5c543e300f76f1c9",
+        "rev": "a781ff33ae258bbcfd4ed6e673860c3e923bf2cc",
         "type": "github"
       },
       "original": {
         "id": "nixpkgs",
-        "ref": "nixos-24.11",
+        "ref": "nixos-24.05",
         "type": "indirect"
       }
     },
@@ -545,47 +514,23 @@
         "nixpkgs": [
           "nixpkgs"
         ],
-        "nuschtosSearch": "nuschtosSearch",
         "treefmt-nix": "treefmt-nix"
       },
       "locked": {
-        "lastModified": 1735389157,
+        "lastModified": 1722925293,
-        "narHash": "sha256-3co5A7PUEN+Bm7b3/6BxFsmvplg3XYUNR2MzWnheZoE=",
+        "narHash": "sha256-saXm5dd/e3PMsYTEcp1Qbzifm3KsZtNFkrWjmLhXHGE=",
         "owner": "nix-community",
         "repo": "nixvim",
-        "rev": "c8fa65c6ac35dba157de0873d645ab398c370123",
+        "rev": "170df9814c3e41d5a4d6e3339e611801b1f02ce2",
         "type": "github"
       },
       "original": {
         "owner": "nix-community",
-        "ref": "nixos-24.11",
+        "ref": "nixos-24.05",
         "repo": "nixvim",
         "type": "github"
       }
     },
-    "nuschtosSearch": {
-      "inputs": {
-        "flake-utils": "flake-utils",
-        "ixx": "ixx",
-        "nixpkgs": [
-          "nixvim",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1733773348,
-        "narHash": "sha256-Y47y+LesOCkJaLvj+dI/Oa6FAKj/T9sKVKDXLNsViPw=",
-        "owner": "NuschtOS",
-        "repo": "search",
-        "rev": "3051be7f403bff1d1d380e4612f0c70675b44fc9",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NuschtOS",
-        "repo": "search",
-        "type": "github"
-      }
-    },
     "plasma-manager": {
       "inputs": {
         "home-manager": [
@@ -596,11 +541,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1735049224,
+        "lastModified": 1723232379,
-        "narHash": "sha256-fWUd9kyXdepphJ7cCzOsuSo7l0kbFCkUqfgKqZyFZzE=",
+        "narHash": "sha256-F4Y3f9305aHGWKqAd3s2GyNRONdpDBuNuK4TCSdaHz8=",
         "owner": "nix-community",
         "repo": "plasma-manager",
-        "rev": "d16bbded0ae452bc088489e7dca3ef58d8d1830b",
+        "rev": "22bea90404c5ff6457913a03c1a54a3caa5b1c57",
         "type": "github"
       },
       "original": {
@@ -631,11 +576,11 @@
     "secrets": {
       "flake": false,
       "locked": {
-        "lastModified": 1730732927,
+        "lastModified": 1723385164,
-        "narHash": "sha256-t3MTEgi6O7DMxMjdi3xcTAztLDQmEtqQ+oU+ZbWz2AI=",
+        "narHash": "sha256-/z4nBwpHsGWl1gmGv7FQQgoOcPwUaVzL7rfjI5nTOLg=",
         "ref": "refs/heads/master",
-        "rev": "4ae2ac777c38f60a29384b70c456f41847cdf1b5",
+        "rev": "b47efe67031e12a2d5560b94fdb4de7dca3df80c",
-        "revCount": 28,
+        "revCount": 24,
         "type": "git",
         "url": "ssh://git@git.vimium.com/jordan/nix-secrets.git"
       },
@@ -692,11 +637,11 @@
     "thunderbird-gnome-theme": {
       "flake": false,
       "locked": {
-        "lastModified": 1732643121,
+        "lastModified": 1721874544,
-        "narHash": "sha256-i0Uo5EN45rlGuR85hvPet43zW/thOQTwHypVg9shTHU=",
+        "narHash": "sha256-BHW9jlx92CsHY84FT0ce5Vxl0KFheLhNn2vndcIf7no=",
         "owner": "rafaelmardojai",
         "repo": "thunderbird-gnome-theme",
-        "rev": "1994e7ec0649053e2a0811973245758d41e33f5f",
+        "rev": "628fcccb7788e3e0ad34f67114f563c87ac8c1dc",
         "type": "github"
       },
       "original": {
@@ -713,11 +658,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1735135567,
+        "lastModified": 1722330636,
-        "narHash": "sha256-8T3K5amndEavxnludPyfj3Z1IkcFdRpR23q+T0BVeZE=",
+        "narHash": "sha256-uru7JzOa33YlSRwf9sfXpJG+UAV+bnBEYMjrzKrQZFw=",
         "owner": "numtide",
         "repo": "treefmt-nix",
-        "rev": "9e09d30a644c57257715902efbb3adc56c79cf28",
+        "rev": "768acdb06968e53aa1ee8de207fd955335c754b7",
         "type": "github"
       },
       "original": {
@@ -743,6 +688,24 @@
         "repo": "flake-utils",
         "type": "github"
       }
+    },
+    "utils_2": {
+      "inputs": {
+        "systems": "systems_3"
+      },
+      "locked": {
+        "lastModified": 1709126324,
+        "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "d465f4819400de7c8d874d50b982301f28a84605",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
     }
   },
   "root": "root",

flake.nix

@@ -2,7 +2,7 @@
   description = "NixOS system configuration";
 
   inputs = {
-    nixpkgs.url = "nixpkgs/nixos-24.11";
+    nixpkgs.url = "nixpkgs/nixos-24.05";
     nixpkgs-unstable.url = "nixpkgs/nixos-unstable";
     # nixpkgs-master.url = "nixpkgs";
     agenix.url = "github:ryantm/agenix";
@@ -12,7 +12,7 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
     home-manager = {
-      url = "github:nix-community/home-manager/release-24.11";
+      url = "github:nix-community/home-manager/release-24.05";
       inputs.nixpkgs.follows = "nixpkgs";
     };
     firefox-gnome-theme = {
@@ -29,11 +29,11 @@
     };
     nixos-hardware.url = "github:NixOS/nixos-hardware";
     nixos-mailserver = {
-      url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
+      url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05";
       inputs.nixpkgs.follows = "nixpkgs";
     };
     nixvim = {
-      url = "github:nix-community/nixvim/nixos-24.11";
+      url = "github:nix-community/nixvim/nixos-24.05";
       inputs.nixpkgs.follows = "nixpkgs";
     };
     plasma-manager = {
@@ -112,12 +112,7 @@
         magicRollback = true;
         autoRollback = true;
         sshUser = "root";
-        nodes = lib.genAttrs [
+        nodes = lib.genAttrs [ "mail" "pi" "skycam" "vps1" ] mkDeployNode;
-          "mail"
-          # "pi"
-          # "skycam"
-          "vps1"
-        ] mkDeployNode;
       };
 
       checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) inputs.deploy-rs.lib;

hosts/common.nix

@@ -54,7 +54,7 @@
   programs.zsh.enable = true;
 
   nix = {
-    package = pkgs.nixVersions.stable;
+    package = pkgs.nixFlakes;
     extraOptions = ''
       experimental-features = nix-command flakes
     '';

hosts/desktop.nix

@@ -6,12 +6,13 @@
   ];
 
   nixpkgs.overlays = [
-    (import ../overlays/gnome.nix)
+    (import ../overlays/gnome)
   ];
 
-  services.printing.enable = false;
+  services.printing.enable = true;
   services.openssh.startWhenNeeded = true;
 
+  sound.enable = true;
   hardware.pulseaudio.enable = false;
   security.rtkit.enable = true;
   services.pipewire = {

hosts/eos/hardware-configuration.nix

@@ -7,12 +7,11 @@
 
   boot = {
     initrd.availableKernelModules = [ "ehci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ];
+    initrd.kernelModules = [ ];
     initrd.supportedFilesystems = [ "zfs" ];
-    kernel.sysctl = {
+    kernelModules = [ ];
-      "kernel.nmi_watchdog" = 0;
-      "vm.laptop_mode" = 5;
-    };
     kernelParams = [ "elevator=none" ];
+    extraModulePackages = [ ];
     supportedFilesystems = [ "zfs" ];
   };
 

hosts/hypnos/hardware-configuration.nix

@@ -7,10 +7,6 @@
 
   boot = {
     initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
-    kernel.sysctl = {
-      "kernel.nmi_watchdog" = 0;
-      "vm.laptop_mode" = 5;
-    };
     kernelModules = [ "applesmc" "kvm-intel" "wl" ];
     extraModulePackages = [
       config.boot.kernelPackages.broadcom_sta
@@ -29,12 +25,13 @@
       modesetting.enable = true;
       powerManagement.enable = true;
     };
-    graphics = {
+    opengl = {
       enable = true;
       extraPackages = with pkgs; [
         libvdpau-va-gl
       ];
-      enable32Bit = true;
+      driSupport = true;
+      driSupport32Bit = true;
     };
   };
 }

hosts/library/default.nix

@@ -156,16 +156,16 @@
     };
   };
 
-  hardware.graphics = {
+  hardware.opengl = {
     enable = true;
     extraPackages = with pkgs; [
       vaapiVdpau
     ];
+    driSupport = true;
   };
   users.users.jellyfin.extraGroups = [ "video" "render" ];
   services.jellyfin = {
     enable = true;
-    package = pkgs.unstable.jellyfin;
     cacheDir = "/var/cache/jellyfin";
     dataDir = "/var/lib/jellyfin";
   };

hosts/odyssey/hardware-configuration.nix

@@ -19,7 +19,6 @@
     cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
     nvidia = {
       modesetting.enable = true;
-      open = true;
       package = config.boot.kernelPackages.nvidiaPackages.beta;
       powerManagement.enable = true;
     };

hosts/pi/default.nix

@@ -100,6 +100,8 @@
 
   networking.hostId = "731d1660";
 
+  sound.enable = true;
+
   security.rtkit.enable = true;
   services.pipewire = {
     enable = true;
@@ -117,18 +119,31 @@
 
   services.home-assistant = {
     enable = true;
-
+    extraComponents = [
+      "api"
+      "alert"
+      "auth"
+      "backup"
+      "command_line"
+      "default_config"
+      "homekit_controller"
+      "homekit"
+      "http"
+      "icloud"
+      "jellyfin"
+      "metoffice"
+      "mqtt"
+      "onkyo"
+      "ping"
+      "proximity"
+      "radio_browser"
+      "scrape"
+      "sensor"
+      "system_health"
+    ];
     config = {
-      automation = "!include automations.yaml";
-      backup = { };
-      binary_sensor = [ ];
       default_config = {};
-      http = {
+      backup = {};
-        server_host = "::1";
-        trusted_proxies = [ "::1" ];
-        use_x_forwarded_for = true;
-      };
-      ffmpeg = { };
       homeassistant = {
         name = "Home";
         latitude = "!secret latitude";
@@ -137,264 +152,14 @@
         temperature_unit = "C";
         time_zone = config.time.timeZone;
         unit_system = "metric";
-        auth_providers = [
-          {
-            type = "trusted_networks";
-            trusted_networks = [
-              "100.64.0.0/10"
-              "127.0.0.1"
-            ];
-            allow_bypass_login = true;
-          }
-          {
-            type = "homeassistant";
-          }
-        ];
       };
-      logger = {
-        default = "info";
-        logs = { };
-      };
-      lovelace = { };
-      media_player = [ ];
-      mobile_app = { };
       mqtt = { };
-      onkyo = { };
+      scene = "!include scenes.yaml";
-      open_meteo = { };
+      automation = "!include automations.yaml";
+      system_health = { };
       recorder = {
         purge_keep_days = 365;
       };
-      scene = "!include scenes.yaml";
-      sensor = [ ];
-      system_health = { };
-      zeroconf = { };
-    };
-
-    extraComponents = [
-      "air_quality"
-      "airly"
-      "alert"
-      "api"
-      "application_credentials"
-      "asuswrt"
-      "auth"
-      "automation"
-      "backup"
-      "bayesian"
-      "binary_sensor"
-      # "blackbird"
-      "blueprint"
-      "bluetooth"
-      "bluetooth_adapters"
-      "bluetooth_le_tracker"
-      "button"
-      "calendar"
-      "camera"
-      "cast"
-      "cert_expiry"
-      "climate"
-      "co2signal"
-      "color_extractor"
-      "command_line"
-      "compensation"
-      "config"
-      "configurator"
-      "counter"
-      "cover"
-      "cpuspeed"
-      "default_config"
-      "demo"
-      "derivative"
-      "device_automation"
-      "device_sun_light_trigger"
-      "device_tracker"
-      "dhcp"
-      "dlna_dmr"
-      "dlna_dms"
-      "dnsip"
-      "energy"
-      "esphome"
-      "fail2ban"
-      "fan"
-      "feedreader"
-      "ffmpeg"
-      "file"
-      "file_upload"
-      "filesize"
-      "folder"
-      "folder_watcher"
-      "forecast_solar"
-      "frontend"
-      "gdacs"
-      "generic"
-      "generic_hygrostat"
-      "generic_thermostat"
-      "geo_json_events"
-      "geo_location"
-      "geo_rss_events"
-      "github"
-      "group"
-      "hardware"
-      "hdmi_cec"
-      "history"
-      "history_stats"
-      "homeassistant"
-      "homeassistant_alerts"
-      "homekit"
-      "homekit_controller"
-      "html5"
-      "http"
-      "humidifier"
-      "icloud"
-      "image_processing"
-      "image_upload"
-      "input_boolean"
-      "input_button"
-      "input_datetime"
-      "input_number"
-      "input_select"
-      "input_text"
-      "integration"
-      "ios"
-      "jellyfin"
-      "light"
-      "local_calendar"
-      "local_file"
-      "local_ip"
-      "local_todo"
-      "lock"
-      "logbook"
-      "logentries"
-      "logger"
-      "lovelace"
-      "manual"
-      "manual_mqtt"
-      "matter"
-      "media_player"
-      "media_source"
-      "min_max"
-      "mjpeg"
-      "mobile_app"
-      "modern_forms"
-      "mold_indicator"
-      "moon"
-      "mqtt"
-      "mqtt_eventstream"
-      "mqtt_json"
-      "mqtt_room"
-      "mqtt_statestream"
-      "mysensors"
-      "network"
-      "nmap_tracker"
-      "notify"
-      "number"
-      "onboarding"
-      "onkyo"
-      "panel_custom"
-      "persistent_notification"
-      "person"
-      "ping"
-      "plant"
-      "prometheus"
-      "proximity"
-      "push"
-      "proximity"
-      "python_script"
-      "radio_browser"
-      "random"
-      "recorder"
-      "remote"
-      "repairs"
-      "rest"
-      "rest_command"
-      "rss_feed_template"
-      "scene"
-      "schedule"
-      "scrape"
-      "script"
-      "search"
-      "season"
-      "select"
-      "sense"
-      "sensor"
-      "sensorpush"
-      "shell_command"
-      "shopping_list"
-      "siren"
-      "smtp"
-      "snmp"
-      "sql"
-      "ssdp"
-      "statistics"
-      "stream"
-      "sun"
-      "switch"
-      "switch_as_x"
-      "system_health"
-      "system_log"
-      "systemmonitor"
-      "tag"
-      "tailscale"
-      "tcp"
-      "template"
-      "text"
-      "thread"
-      "threshold"
-      "time_date"
-      "timer"
-      "tod"
-      "todo"
-      "tomorrowio"
-      "trend"
-      "universal"
-      "upb"
-      "update"
-      "upnp"
-      "uptime"
-      "usb"
-      "utility_meter"
-      "vacuum"
-      "vlc"
-      "vlc_telnet"
-      "wake_on_lan"
-      "water_heater"
-      "weather"
-      "webhook"
-      "websocket_api"
-      "wled"
-      "workday"
-      "worldclock"
-      "zeroconf"
-      "zone"
-    ];
-
-    extraPackages = python3Packages: with python3Packages; [
-      onkyo-eiscp
-      zeroconf
-    ];
-
-    customLovelaceModules = with pkgs.home-assistant-custom-lovelace-modules; [
-      bubble-card
-      button-card
-      ha-floorplan
-      mushroom
-      sankey-chart
-      universal-remote-card
-      # zigbee2mqtt-networkmap
-    ];
-  };
-
-  services.nginx = {
-    enable = true;
-    virtualHosts."home.mesh.vimium.net" = {
-      forceSSL = false;
-      extraConfig = ''
-        proxy_buffering off;
-      '';
-      locations."/" = {
-        proxyPass = "http://[::1]:8123";
-        proxyWebsockets = true;
-      };
     };
   };
 

hosts/pi/hardware-configuration.nix

@@ -1,4 +1,4 @@
-{ lib, pkgs, modulesPath, ... }:
+{ config, lib, pkgs, modulesPath, ... }:
 
 {
   imports = [
@@ -6,40 +6,6 @@
   ];
 
   boot = {
-    kernelPackages = let
-      version = "6.1.73";
-      tag = "stable_20240124";
-      srcHash = "sha256-P4ExzxWqZj+9FZr9U2tmh7rfs/3+iHEv0m74PCoXVuM=";
-      in pkgs.linuxPackagesFor (pkgs.linux_rpi4.override {
-        argsOverride = {
-          src = pkgs.fetchFromGitHub {
-            owner = "raspberrypi";
-            repo = "linux";
-            rev = tag;
-            hash = srcHash;
-          };
-          version = version;
-          modDirVersion = version;
-          structuredExtraConfig = {};
-          kernelPatches = [
-            {
-              name = "drm-rp1-depends-on-instead-of-select-MFD_RP1.patch";
-              patch = pkgs.fetchpatch {
-                url = "https://github.com/peat-psuwit/rpi-linux/commit/6de0bb51929cd3ad4fa27b2a421a2af12e6468f5.patch";
-                hash = "sha256-9pHcbgWTiztu48SBaLPVroUnxnXMKeCGt5vEo9V8WGw=";
-              };
-            }
-            {
-              name = "iommu-bcm2712-don-t-allow-building-as-module.patch";
-              patch = pkgs.fetchpatch {
-                url = "https://github.com/peat-psuwit/rpi-linux/commit/693a5e69bddbcbe1d1b796ebc7581c3597685b1b.patch";
-                hash = "sha256-8BYYQDM5By8cTk48ASYKJhGVQnZBIK4PXtV70UtfS+A=";
-              };
-            }
-          ];
-        };
-      });
-
     # Stop ZFS kernel being built
     supportedFilesystems = lib.mkForce [ "btrfs" "cifs" "f2fs" "jfs" "ntfs" "reiserfs" "vfat" "xfs" ];
     tmp.cleanOnBoot = true;
@@ -48,24 +14,9 @@
   # Fix missing modules
   # https://github.com/NixOS/nixpkgs/issues/154163
   nixpkgs.overlays = [
-    (final: prev: {
+    (final: super: {
       makeModulesClosure = x:
-        prev.makeModulesClosure (x // { allowMissing = true; });
+        super.makeModulesClosure (x // { allowMissing = true; });
-    })
-    (final: prev: {
-      raspberrypifw = let
-        version = "1.20240529";
-        srcHash = "sha256-KsCo7ZG6vKstxRyFljZtbQvnDSqiAPdUza32xTY/tlA=";
-        in pkgs.raspberrypifw.override {
-          argsOverride = {
-            src = prev.fetchFromGitHub {
-              owner = "raspberrypi";
-              repo = "firmware";
-              rev = "${version}";
-              hash = srcHash;
-            };
-          };
-        };
     })
   ];
 

hosts/skycam/default.nix

@@ -55,7 +55,7 @@
   '';
 
   nixpkgs.overlays = [
-    (import ./../../overlays/libcamera.nix)
+    (import ./../../overlays/libcamera)
   ];
 
   networking = {

hosts/vps1/default.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, lib, ... }:
+{ config, lib, self, ... }:
 
 {
   imports = [
@@ -37,44 +37,91 @@
     groups = {
       jellyfin = { };
     };
-    extraGroups.acme.members = [ "kanidm" "nginx" ];
   };
 
   services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password";
 
-  security.acme.certs."auth.vimium.com" = {
+  services.postgresql = {
-    postRun = "systemctl restart kanidm.service";
+    ensureUsers = [
-    group = "acme";
+      {
+        name = "zitadel";
+        ensureDBOwnership = true;
+        ensureClauses = {
+          superuser = true;
+        };
+      }
+    ];
+    ensureDatabases = [ "zitadel" ];
   };
 
-  services.kanidm = let
+  age.secrets."files/services/zitadel/masterkey" = {
-    baseDomain = "vimium.com";
+    file = "${self.inputs.secrets}/files/services/zitadel/masterkey.age";
-    domain = "auth.${baseDomain}";
+    owner = "zitadel";
-    uri = "https://${domain}";
+    group = "zitadel";
-  in {
-    package = pkgs.unstable.kanidm;
-    enableClient = true;
-    enableServer = true;
-    clientSettings = {
-      inherit uri;
   };
-    serverSettings = {
+
-      bindaddress = "[::1]:3013";
+  systemd.services.zitadel = {
-      ldapbindaddress = "[::1]:636";
+    requires = [ "postgresql.service" ];
-      domain = baseDomain;
+    after = [ "postgresql.service" ];
-      origin = uri;
+  };
-      tls_chain = "${config.security.acme.certs.${domain}.directory}/full.pem";
+
-      tls_key = "${config.security.acme.certs.${domain}.directory}/key.pem";
+  services.zitadel = {
+    enable = true;
+    masterKeyFile = config.age.secrets."files/services/zitadel/masterkey".path;
+    settings = {
+      Database.postgres = {
+        Host = "/run/postgresql";
+        Port = 5432;
+        Database = "zitadel";
+        User = {
+          Username = "zitadel";
+          SSL.Mode = "disable";
+        };
+        Admin = {
+          ExistingDatabase = "zitadel";
+          Username = "zitadel";
+          SSL.Mode = "disable";
+        };
+      };
+      ExternalDomain = "id.vimium.com";
+      ExternalPort = 443;
+      ExternalSecure = true;
+      Machine = {
+        Identification = {
+          Hostname.Enabled = true;
+          PrivateIp.Enabled = false;
+          Webhook.Enabled = false;
+        };
+      };
+      Port = 8081;
+      WebAuthNName = "Vimium";
+    };
+    steps.FirstInstance = {
+      InstanceName = "Vimium";
+      Org.Name = "Vimium";
+      Org.Human = {
+        UserName = "jordan@vimium.com";
+        FirstName = "Jordan";
+        LastName = "Holt";
+        Email = {
+          Address = "jordan@vimium.com";
+          Verified = true;
+        };
+        Password = "Password1!";
+        PasswordChangeRequired = true;
+      };
+      LoginPolicy.AllowRegister = false;
     };
   };
 
-  services.nginx.virtualHosts = {
+  services.nginx.virtualHosts."id.vimium.com" = {
-    "auth.vimium.com" = {
+    enableACME = true;
-      useACMEHost = "auth.vimium.com";
     forceSSL = true;
     locations."/" = {
-        proxyPass = "https://[::1]:3013";
+      extraConfig = ''
-      };
+        grpc_pass grpc://localhost:${builtins.toString config.services.zitadel.settings.Port};
+        grpc_set_header Host $host:$server_port;
+      '';
     };
   };
 

modules/databases/postgresql.nix

@@ -17,6 +17,7 @@ in {
   config = lib.mkIf cfg.enable {
     services.postgresql = {
       enable = true;
+      enableJIT = true;
       initdbArgs = [
         "--allow-group-access"
         "--encoding=UTF8"

modules/default.nix

@@ -32,7 +32,6 @@
     ./editors/neovim
     ./editors/vscode.nix
     ./hardware/presonus-studio.nix
-    ./networking/netbird.nix
     ./networking/tailscale.nix
     ./networking/wireless.nix
     ./security/gpg.nix

modules/desktop/gaming/lutris.nix

@@ -21,9 +21,10 @@ in {
       vulkan-tools
     ];
 
-    hardware.graphics = {
+    hardware.opengl = {
       enable = true;
-      enable32Bit = true;
+      driSupport = true;
+      driSupport32Bit = true;
     };
   };
 }

modules/desktop/gnome.nix

@@ -24,11 +24,6 @@ in {
       "io/github/celluloid-player/celluloid" = {
         draggable-video-area-enable = true;
       };
-      "org/gnome/Console" = {
-        font-scale = 1.4;
-        use-system-font = false;
-        custom-font = "ComicShannsMono Nerd Font 10";
-      };
       "org/gnome/desktop/interface" = {
         color-scheme = "prefer-dark";
         cursor-theme = "Adwaita";
@@ -66,11 +61,6 @@ in {
         edge-tiling = true;
         experimental-features = [ "scale-monitor-framebuffer" ];
       };
-      "org/gnome/Ptyxis" = {
-        use-system-font = false;
-        font-name = "ComicShannsMono Nerd Font 11";
-        audible-bell = false;
-      };
       "org/gnome/settings-daemon/plugins/media-keys" = {
         volume-up = [
           "<Shift>F12"
@@ -87,6 +77,7 @@ in {
           "appindicatorsupport@rgcjonas.gmail.com"
           # "arcmenu@arcmenu.com"
           "blur-my-shell@aunetx"
+          # "browser-tabs@com.github.harshadgavali"
           "burn-my-windows@schneegans.github.com"
           "clipboard-indicator@tudmotu.com"
           "CoverflowAltTab@palatis.blogspot.com"
@@ -98,13 +89,14 @@ in {
           # "forge@jmmaranan.com"
           "gsconnect@andyholmes.github.io"
           # "gSnap@micahosborne"
-          "hidetopbar@mathieu.bidon.ca"
+          # "hidetopbar@mathieu.bidon.ca"
           "just-perfection-desktop@just-perfection"
           # "mediacontrols@cliffniff.github.com"
           # "mousefollowsfocus@matthes.biz"
           # "pano@elhan.io"
           # "paperwm@hedning:matrix.org"
           "pip-on-top@rafostar.github.com"
+          # "rounded-window-corners@yilozt"
           # "search-light@icedman.github.com"
           # "smart-auto-move@khimaros.com"
           "space-bar@luchrioh"
@@ -118,7 +110,6 @@ in {
         favorite-apps = [
           "firefox.desktop"
           "org.gnome.Nautilus.desktop"
-          "org.gnome.Ptyxis.desktop"
         ];
       };
       "org/gnome/shell/extensions/blur-my-shell/panel" = {
@@ -192,6 +183,11 @@ in {
         outer-gaps = 8;
         enable-blur-snap-assistant = true;
       };
+      "org/gnome/Console" = {
+        font-scale = 1.4;
+        use-system-font = false;
+        custom-font = "ComicShannsMono Nerd Font 10";
+      };
       "org/gtk/settings/file-chooser" = {
         show-hidden = true;
         sort-directories-first = true;
@@ -222,8 +218,8 @@ in {
       # d-spy
       # drawing
       # fragments
-      dconf-editor
+      gnome.dconf-editor
-      ghex
+      gnome.ghex
       # gnome-builder
       gnome-decoder
       gnome-firmware
@@ -231,10 +227,9 @@ in {
       # gnome-obfuscate
       gnome-podcasts
       identity
-      # mission-center
+      mission-center
       mousam
       newsflash
-      ptyxis
       # schemes
       shortwave
       sysprof
@@ -255,6 +250,7 @@ in {
       gnomeExtensions.appindicator
       gnomeExtensions.arcmenu
       gnomeExtensions.blur-my-shell
+      gnomeExtensions.browser-tabs
       gnomeExtensions.burn-my-windows
       gnomeExtensions.clipboard-indicator
       gnomeExtensions.coverflow-alt-tab
@@ -270,9 +266,10 @@ in {
       gnomeExtensions.just-perfection
       gnomeExtensions.media-controls
       gnomeExtensions.mouse-follows-focus
-      # gnomeExtensions.pano (disabled due to: https://github.com/NixOS/nixpkgs/issues/369438)
+      gnomeExtensions.pano
       gnomeExtensions.paperwm
       gnomeExtensions.pip-on-top
+      gnomeExtensions.rounded-window-corners
       gnomeExtensions.search-light
       gnomeExtensions.smart-auto-move
       gnomeExtensions.space-bar

modules/editors/neovim/default.nix

@@ -11,7 +11,7 @@ in {
   };
 
   config = lib.mkIf cfg.enable {
-    home.programs.nixvim.config = {
+    home.programs.nixvim = {
       enable = true;
       defaultEditor = true;
 
@@ -59,15 +59,15 @@ in {
           eslint.enable = true;
           gopls.enable = true;
           html.enable = true;
-          lua_ls.enable = true;
+          lua-ls.enable = true;
           pylsp.enable = true;
           nixd.enable = true;
-          rust_analyzer = {
+          rust-analyzer = {
             enable = true;
             installCargo = true;
             installRustc = true;
           };
-          ts_ls.enable = true;
+          tsserver.enable = true;
         };
       };
 
@@ -108,7 +108,7 @@ in {
         nixvimInjections = true;
 
         folding = true;
-        settings.indent.enable = true;
+        indent = true;
       };
 
       plugins.treesitter-refactor = {
@@ -121,8 +121,6 @@ in {
 
       plugins.undotree.enable = true;
 
-      plugins.web-devicons.enable = true;
-
       # plugins.gitsigns.enable = true;
       # plugins.gitgutter.enable = true;
       # plugins.goyo.enable = true;

modules/networking/netbird.nix

@@ -1,70 +0,0 @@
-{ config, lib, self, ... }:
-
-let
-  cfg = config.modules.networking.netbird;
-  hostname = config.networking.hostName;
-in {
-  options.modules.networking.netbird = {
-    enable = lib.mkEnableOption "netbird";
-    coordinatorDomain = lib.mkOption {
-      type = lib.types.str;
-      default = "netbird.vimium.net";
-    };
-    meshDomain = lib.mkOption {
-      type = lib.types.str;
-      default = "mesh.vimium.net";
-    };
-  };
-
-  config = lib.mkIf cfg.enable {
-    age.secrets."passwords/services/netbird/data-store-encryption-key" = {
-      file = "${self.inputs.secrets}/passwords/services/netbird/data-store-encryption-key.age";
-    };
-
-    services.netbird = {
-      enable = true;
-    };
-
-    services.netbird.server = {
-      domain = cfg.coordinatorDomain;
-      enable = true;
-      enableNginx = true;
-      dashboard.settings = {
-        AUTH_AUTHORITY = "https://auth.vimium.com/oauth2/openid/netbird";
-      };
-      management = rec {
-        disableAnonymousMetrics = true;
-        dnsDomain = cfg.meshDomain;
-        oidcConfigEndpoint = "https://auth.vimium.com/oauth2/openid/netbird/.well-known/openid-configuration";
-        settings = {
-          DataStoreEncryptionKey = {
-            _secret = config.age.secrets."passwords/services/netbird/data-store-encryption-key".path;
-          };
-          HttpConfig = {
-            AuthAudience = "netbird";
-          };
-          StoreConfig = { Engine = "sqlite"; };
-          TURNConfig = {
-            Secret._secret = config.age.secrets."passwords/services/coturn/static-auth-secret".path;
-            TimeBasedCredentials = true;
-          };
-          PKCEAuthorizationFlow.ProviderConfig = {
-            AuthorizationEndpoint = "https://auth.vimium.com/ui/oauth2";
-            TokenEndpoint = "https://auth.vimium.com/oauth2/token";
-          };
-        };
-        singleAccountModeDomain = dnsDomain;
-        turnDomain = config.services.coturn.realm;
-        turnPort = config.services.coturn.listening-port;
-      };
-    };
-
-    systemd.services.netbird-signal.serviceConfig.RestartSec = "60";
-    systemd.services.netbird-management.serviceConfig.RestartSec = "60";
-
-    services.nginx.virtualHosts."netbird.vimium.net" = {
-      enableACME = true;
-      forceSSL = true;
-    };
-  };
-}

modules/networking/wireless.nix

@@ -26,9 +26,9 @@ in {
       wireless = {
         enable = true;
         interfaces = cfg.interfaces;
-        secretsFile = config.age.secrets."passwords/networks".path;
+        environmentFile = config.age.secrets."passwords/networks".path;
         networks = {
-          "Apollo 600 Mbps".pskRaw = "ext:PSK_APOLLO";
+          "Apollo 600 Mbps".psk = "@PSK_APOLLO@";
         };
       };
       networkmanager.ensureProfiles.profiles = {

modules/options.nix

@@ -36,7 +36,7 @@ with lib;
       in {
         inherit name;
         isNormalUser = true;
-        extraGroups = [ "audio" "networkmanager" "wheel" "lxd" ];
+        extraGroups = [ "networkmanager" "wheel" "lxd" ];
         description = "Jordan Holt";
         useDefaultShell = true;
         openssh.authorizedKeys.keys = [

modules/services/headscale/default.nix

@@ -1,17 +1,19 @@
 { config, lib, pkgs, ... }:
 
+with lib;
+
 let
   cfg = config.modules.services.headscale;
   fqdn = "headscale.vimium.net";
 in {
   options.modules.services.headscale = {
-    enable = lib.mkOption {
+    enable = mkOption {
       default = false;
       example = true;
     };
   };
 
-  config = lib.mkIf cfg.enable {
+  config = mkIf cfg.enable {
     environment.systemPackages = [ pkgs.headscale ];
 
     services.headscale = {
@@ -20,17 +22,12 @@ in {
       port = 8080;
 
       settings = {
-        policy.path = null;
         ip_prefixes = [
           "100.64.0.0/10"
         ];
         server_url = "https://${fqdn}";
-        derp = {
+        dns_config = {
-          auto_update_enable = false;
+          base_domain = "vimium.net";
-          update_frequency = "24h";
-        };
-        dns = {
-          base_domain = "mesh.vimium.net";
           extra_records = [
             {
               name = "grafana.mesh.vimium.net";
@@ -43,10 +40,6 @@ in {
               value = "100.64.0.7";
             }
           ];
-          magic_dns = true;
-          nameservers.global = [
-            "9.9.9.9"
-          ];
         };
         logtail.enabled = false;
       };

modules/services/matrix/default.nix

@@ -28,6 +28,9 @@ in {
       default = "vimium.com";
       example = "vimium.com";
     };
+    slidingSync = {
+      enable = lib.mkEnableOption "sliding-sync";
+    };
     usePostgresql = lib.mkEnableOption "postgresql";
   };
 
@@ -39,9 +42,10 @@ in {
         base_url = "https://${matrixSubdomain}";
         server_name = cfg.serverName;
       };
-      "m.identity_server" = {
+      "m.identity_server" = {};
-        "base_url" = "https://vector.im";
+      "org.matrix.msc3575.proxy" = if cfg.slidingSync.enable then {
-      };
+        "url" = "https://${matrixSubdomain}";
+      } else { };
     };
     matrixServerConfig."m.server" = "${matrixSubdomain}:443";
     commonBridgeSettings = bridge: {
@@ -130,6 +134,13 @@ in {
             '';
           };
           "/_synapse/client".proxyPass = "http://localhost:8008";
+          "~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync)" = lib.mkIf cfg.slidingSync.enable {
+            priority = 100;
+            proxyPass = "http://localhost:8009";
+            extraConfig = ''
+              proxy_set_header X-Forwarded-For $remote_addr;
+            '';
+          };
         };
       };
       "${cfg.serverName}" = let
@@ -160,11 +171,6 @@ in {
       };
     } else {});
 
-    nixpkgs.config.permittedInsecurePackages = [
-      "jitsi-meet-1.0.8043"
-      "olm-3.2.16"
-    ];
-
     services.matrix-synapse = {
       enable = true;
       enableRegistrationScript = true;
@@ -175,12 +181,26 @@ in {
         max_upload_size = "100M";
         report_stats = false;
         server_name = cfg.serverName;
+        app_service_config_files = (lib.optional cfg.bridges.whatsapp
+          "/var/lib/mautrix-whatsapp/whatsapp-registration.yaml");
       };
     };
     systemd.services.matrix-synapse.serviceConfig.SupplementaryGroups =
       (lib.optional cfg.bridges.whatsapp
         config.systemd.services.mautrix-whatsapp.serviceConfig.Group);
 
+    age.secrets = if cfg.slidingSync.enable then {
+      "files/services/matrix/sliding-sync" = {
+        file = "${self.inputs.secrets}/files/services/matrix/sliding-sync.age";
+      };
+    } else {};
+
+    services.matrix-sliding-sync = lib.mkIf cfg.slidingSync.enable {
+      enable = true;
+      environmentFile = config.age.secrets."files/services/matrix/sliding-sync".path;
+      settings = { SYNCV3_SERVER = "https://${matrixSubdomain}"; };
+    };
+
     services.postgresql = lib.mkIf cfg.usePostgresql {
       ensureUsers = [
         {

modules/services/nginx/default.nix

@@ -118,12 +118,8 @@ in {
           serverAliases = [ "www.jdholt.com" ];
           extraConfig = nginxErrorPages + nginxEdgeHeaders + nginxStrictHeaders;
           locations."/skycam/snapshot.jpg" = {
+            proxyPass = "http://skycam.mesh.vimium.net:8080/snapshot";
             extraConfig = ''
-              set $backend "skycam.mesh.vimium.net:8080";
-
-              resolver 100.100.100.100;
-
-              proxy_pass http://$backend/snapshot;
               proxy_cache skycam_cache;
               proxy_cache_valid any 10s;
               proxy_ignore_headers Cache-Control Expires Set-Cookie;

overlays/gnome.nix

@@ -1,22 +0,0 @@
-final: prev:
-{
-  gvdb = prev.fetchgit {
-    url = "https://gitlab.gnome.org/GNOME/gvdb.git";
-    rev = "b54bc5da25127ef416858a3ad92e57159ff565b3"; # From gvdb_wrap
-    sha256 = "c56yOepnKPEYFcU1B1TrDl8ydU0JU+z6R8siAQP4d2A=";
-  };
-
-  mutter = prev.mutter.overrideAttrs (attrs: {
-    src = prev.fetchurl {
-      url = "https://gitlab.gnome.org/Community/Ubuntu/mutter/-/archive/triple-buffering-v4-47/mutter-triple-buffering-v4-47.tar.gz";
-      sha256 = "oeykTJRcG/SY83U8RYnyFFZ8zKqoyXvtbaS2f/s503U=";
-    };
-
-    postPatch = ''
-      mkdir -p subprojects/gvdb
-      cp -r ${final.gvdb}/* subprojects/gvdb/
-
-      ${attrs.postPatch or ""}
-    '';
-  });
-}

overlays/gnome/default.nix

@@ -0,0 +1,11 @@
+final: prev:
+{
+  gnome = prev.gnome.overrideScope' (gself: gsuper: {
+    mutter = gsuper.mutter.overrideAttrs (oldAttrs: {
+      src = prev.fetchurl {
+        url = "https://gitlab.gnome.org/Community/Ubuntu/mutter/-/archive/triple-buffering-v4-46/mutter-triple-buffering-v4-46.tar.gz";
+        sha256 = "mmFABDsRMzYnLO3+Cf3CJ60XyUBl3y9NAUj+vs7nLqE=";
+      };
+    });
+  });
+}

overlays/ha-floorplan.nix

@@ -1,4 +0,0 @@
-final: prev:
-{
-  home-assistant-custom-lovelace-modules.ha-floorplan = prev.callPackage ../pkgs/ha-floorplan/package.nix;
-}

pkgs/ha-floorplan/package.nix

@@ -1,38 +0,0 @@
-{
-  lib,
-  buildNpmPackage,
-  fetchFromGitHub
-}:
-
-buildNpmPackage rec {
-  pname = "floorplan";
-  version = "1.0.44";
-
-  src = fetchFromGitHub {
-    owner = "ExperienceLovelace";
-    repo = "ha-floorplan";
-    rev = "refs/tags/${version}";
-    hash = "sha256-ajEA47H9nFXVcuvhwkDsxc5YYQWMsUXqHQ3t6tuAaxc=";
-  };
-
-  npmDepsHash = "sha256-/6H3XMraD7/usZBwmQaCDpV2n1Eed+U+G0f2YnjyWgk=";
-
-  installPhase = ''
-    runHook preInstall
-    mkdir $out
-    cp -R dist/* $out/
-    runHook postInstall
-  '';
-
-  meta = {
-    description = "Floorplan for Home Assistant";
-    longDescription = ''
-      Bring new life to Home Assistant. By mapping entities to a SVG-object,
-      you're able to control devices, show states, calling services - and much
-      more. Add custom styling on top, to visualize whatever you can think of.
-      Your imagination just became the new limit.
-    '';
-    homepage = "https://github.com/ExperienceLovelace/ha-floorplan";
-    license = lib.licenses.asl20;
-  };
-}